I am following the nxlog to splunk guide here: https://nxlog.co/documentation/nxlog-user-guide/splunk.html. Specifically, section '93.3. Sending Specific Log Types for Splunk to Parse'. When testing, even using the config from the page, I am still getting an error (see further below)
Hello,
I'm using nxlog community to send logs from my firewalls through syslog.
My output is like that:
<output log_to_file>
module om_file
File 'c:\datas\firewall_' + $MessageSourceAddress + '.log'
<output>
If my firewalls 192.168.1.1 and 192.168.1.2 are correctly configured, the result will be two files:
c:\datas\firewall_192.168.1.1.log and c:\datas\firewall_192.168.1.2.log
nxlog-ce 2.9.1716 on Windows 10/Server 2016.
The usage of om_udp seems to cause nxlog.exe to listen on ephemeral port. om_tcp does not cause this. I can't find anything in documentation that explains this behavior.
Please help.
MK
After using kvp parser i've got variables with spaces in names. For example: "$Event Time" or "$Source Name".
I'm interested in two things:
1. How i can interact with this variable names? For example i'm trying construction "$EventTime = $Event Time;" with many shield variations: ",',),], etc, but this not work.
2. it is possible to prevent this situation? Massage format example below:
Hello,
I am sending a message with hostname to my syslog server, my conf is as follows:
define ROOT C: \ Program Files (x86) \ nxlog
Moduledir% ROOT% \ modules
CacheDir% ROOT% \ data
Pidfile% ROOT% \ data \ nxlog.pid
SpoolDir% ROOT% \ data
LogFile% ROOT% \ data \ nxlog.log
<Extension _syslog>
Module xm_syslog
</Extension>
<Input in>
Module im_msvistalog
